Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105298
Category:Web application abuses
Title:CUPS < 2.0.3 Multiple Vulnerabilities
Summary:Various versions of CUPS are vulnerable;to a privilege escalation due to a memory management error.
Description:Summary:
Various versions of CUPS are vulnerable
to a privilege escalation due to a memory management error.

Vulnerability Insight:
CVE-2015-1158:
An issue with how localized strings are handled in cupsd allows a reference
counter to over-decrement when handling certain print job request errors. As a
result, an attacker can prematurely free an arbitrary string of global scope,
creating a dangling pointer to a repurposed block of memory on the heap. The
dangling pointer causes ACL verification to fail when parsing 'admin/conf' and
'admin' ACLs. The ACL handling failure results in unrestricted access to
privileged operations, allowing an unauthenticated remote user to upload a
replacement CUPS configuration file and mount further attacks.

CVE-2015-1159:
A cross-site scripting bug in the CUPS templating engine allows this bug to be
exploited when a user browses the web. In certain cases, the CGI template can
echo user input to file rather than escaping the text first. This may be used
to set up a reflected XSS attack in the QUERY parameter of the web interface
help page. By default, many linux distributions run with the web interface
activated, OS X has the web interface deactivated by default.

Vulnerability Impact:
CVE-2015-1158 may allow a remote unauthenticated
attacker access to privileged operations on the CUPS server. CVE-2015-1159 may allow
an attacker to execute arbitrary javascript in a user's browser.

Affected Software/OS:
CUPS < 2.0.3

Solution:
A patch addressing these issues has been
released for all supported versions of CUPS. For the version 2.0 branch (the latest
release), 2.0.3 contains the patch.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 75098
BugTraq ID: 75106
Common Vulnerability Exposure (CVE) ID: CVE-2015-1158
http://www.securityfocus.com/bid/75098
CERT/CC vulnerability note: VU#810572
http://www.kb.cert.org/vuls/id/810572
Debian Security Information: DSA-3283 (Google Search)
http://www.debian.org/security/2015/dsa-3283
https://www.exploit-db.com/exploits/37336/
https://www.exploit-db.com/exploits/41233/
https://security.gentoo.org/glsa/201510-07
http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html
https://code.google.com/p/google-security-research/issues/detail?id=455
https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
RedHat Security Advisories: RHSA-2015:1123
http://rhn.redhat.com/errata/RHSA-2015-1123.html
http://www.securitytracker.com/id/1032556
SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-2629-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1159
http://www.securityfocus.com/bid/75106
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.